Specifies how this LDAP X509 Identity Assertion provider fits into
the login sequence.

The Control Flag determines how the login sequence uses the
Authentication provider.

A REQUIRED value specifies this LoginModule must
succeed. Even if it fails, authentication proceeds down the list of
LoginModules for the configured Authentication providers.

A REQUISITE value specifies this LoginModule must
succeed. If other Authentication providers are configured and this
LoginModule succeeds, authentication proceeds down the list of
LoginModules. Otherwise, control is return to the application.

A SUFFICIENT value specifies this LoginModule need
not succeed. If it does succeed, return control to the application.
If it fails and other Authentication providers are configured,
authentication proceeds down the LoginModule list.

An OPTIONAL value specifies this LoginModule need
not succeed. Whether it succeeds or fails, authentication proceeds
down the LoginModule list. This setting is the default.